I mentioned this vulnerability earlier this week in a podcast, but believe it deserves a bit more attention, in particular as exploits are now public, and a metasploit module appears in the works.
Dana Taylor (NI @root) released details about the vulnerabilities first in her blog . The post included quite a bit of details about respecitve vulnerabilities. Extended support for Oracle 10g ended July 2013 and a patch is not expected.
If for some reason you are still running Oracle 10g or earlier, please check on possible workarounds or upgrade to 11g
The vulnerabilities were assigned following CVE numbers
CVE-2012-3153 – PARSEQUERY keymap vulnerabiilty
Oracle details (requires login): https://support.oracle.com/rs?type=doc&id=279683.1
CVE-2012-3152 – URLPARAMETER code execution
Please let us know if you have any workarounds to share, or if you have any logs showing exploit attempts.
(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.